Insurance companies are cutting the amount they cover in cybersecurity policies amid a surge in ransomware attacks over the last year.
That attacks are increasing is well known with a report in October finding that ransomware attacks had targeted 64% of companies. The rising number of attacks also saw cybersecurity insurance being part of the agenda at a summit at The White House in August.
Reuters reports that European and U.S. insurers operating on the Lloyd’s of London market have been able to charge higher premium rates to cover ransoms, repairs of hacked networks, business interruption losses and even public relations costs to mend reputation damage but increasing charges only go so far. In reaction to the increase in attacks, insurers are now halving the amount of cyber cover they provide.
“Insurers are changing their appetites, limits, coverage and pricing,” Caspar Stops, head of cyber at insurance company Optio Group Ltd., told Reuters. “Limits have halved – where people were offering £10 million ($13.5 million), nearly everyone has reduced to five.”
The trend isn’t necessarily new, either. Amercian International Group Inc. announced in August that it was tightening the terms of its cyber insurance. Those cuts included reduced payouts and higher terms and conditions to make claims. The company cited at the time “increasing cyber loss trends, the rising threat associated with ransomware and the system nature of cyber risk generally.”
The situation then gets worse. Reuters, referring to industry sources, also claims that Lloyd’s of London, which covers around a fifth of the global cyber insurance market, is discouraging its syndicate members from taking on any new cyber business next year.
While cyber insurance is being encouraged by the likes of the White House, the increased uptake in cyber insurance may be conversely driving the increase in ransomware. It’s claimed that ransomware gangs may check if potential victims have policies that make them more likely to payout.
“Ransomware payouts are out of control and insurance is one of the driving factors behind this new phase of attacking companies,” Jake Moore, cybersecurity specialist at cybersecurity firm ESET spol s.r.o, told TechRadar. “When payments are made, the ransomware business cycle continues and even ramps up, meaning more companies will inevitably be attacked.”
Last month, analysis from the U.S. Department of the Treasury’s Financial Crimes Enforcement Network estimated that companies had paid out ransom payments of $580 million in the first six months of this year.